Last modified: 2011-03-31 23:03:03 UTC
It says in its doc: "- password The user's password. Password logins will be disabled if this is omitted." but it doesn't really expect a plain password.
I've adjusted the doc comment in r85098 to be clearer that those are password hash fields.